>
I’m not sure this will help, but… the way firewalls do this (not Wireshark, but
real Firewalls and IPSs) is that they proxy the SSL connection. So, THEY
present the user with an SSL certificate (issued to the Firewall), the user
accepts this certificate as coming FROM THE FIREWALL as a proxy. The
Firewall then opens the SSL connection to the remote site.The point here is that the user has to trust the firewall. The user has a secure
encrypted connection to the firewall, and the firewall has a secure encrypted
connection to the remote resource.
You’ve surprised me Peter. I assumed the assistance you would provide once it was daylight in your timezone was going to be to lock this thread, so the rest of us could stop being anxious that someone is wrong on the internet http://xkcd.com/386/ 
James